Page 13 - OeEB-AnnualReport_2013

Basic HTML Version

OeEB Annual Report 2013
13
Management report
As it is wholly owned by OeKB, OeEB is covered by the
Group ICAAP, or Internal Capital Adequacy Assess-
ment Process. As the key metric in the measurement
and management of risk, the calculated economic
capital required is compared against the economic
capital available at different levels of scenario severity.
This is done in the calculation of risk coverage.
At individual-institution level, OeEB opts not to perform
a Pillar II calculation of risk coverage. However, despite
the relative insignificance of the risk, economic capital
is determined for the investment risk arising from
OeEB’s own investment portfolio (the banking book),
using the Value at Risk concept.
Risk management organisation
Under the Austrian Banking Act the full Executive
Board is responsible for managing OeEB’s risks relating
to banking transactions and banking operations, for
ensuring capital adequacy in respect of the risks taken,
and for establishing the organisation that this requires.
In this context, regard must be had to the proportio-
nality of the bank’s enterprise-wide risk management
(i.e., of the methods, systems and processes of risk
management) with the structure and size of the
bank’s risks.
In the interest of this proportionality, and given OeEB’s
business sector and the nature and scale of its specific
business and risk structure, the Executive Board
considers that an FMA-compliant risk management
organisation is appropriate. The Risk Management
Committee has the authority and responsibility to
decide on appropriate actions and processes for
implementing the risk policy and strategy set by the
Executive Board and approved by the Supervisory
Board.
Operational risk management by OeEB involves the
monitoring and control of the operational risk profile,
the development of strategies and processes for the
control of operational risk, and business continuity ma-
nagement in collaboration with OeKB’s operational risk
manager.
For emergencies and various crisis scenarios, the
operational risk management policy sets out emer-
gency and crisis response teams, responsibilities and
procedures.
The role of assuring the compliance of the internal
control system (ICS) with legal requirements is
contractually outsourced to OeKB. The ICS compliance
officer at OeKB works closely with the ICS process
owners at OeEB. Operational risk management is
performed in close cooperation with the operational
risk manager at OeKB and the organisation section of
OeKB’s OBUS (Organisation, Construction, Environ-
mental Issues and Security) department.
Like the bank’s risk management as a whole, the
internal control system is subject to ongoing scrutiny
by Internal Audit.
Under an agreement with OeKB, the securities
compliance officer function is outsourced to OeKB.
However, at OeEB there is a central contact person for
compliance matters. The function of the anti-money
laundering/anti-terrorism finance officer is performed
by the Legal department of OeEB. To mitigate the legal
risk of business transactions, the OeEB Legal depart-
ment as a rule works with local law firms.